FBI Shuts Down DNSChanger Servers

As expected, the FBI today shut down the DNSChanger servers, potentially cutting off Internet access to those with infected PCs.

As expected, the FBI today shut down the DNSChanger servers, potentially cutting off Internet access to those with infected PCs.

Despite the hysteria, however, security firm F-Secure said things appear to be under control, thanks to ISP intervention.

"Many global operators are keeping their ‪#DNSChanger‬ victims online, even after FBI stopped. We do not expect much noise about this today," F-Secure's Mikko Hypponen tweeted today.

On the F-Secure blog, the company said that "all in all, things are working out as they probably should in a case such as this. The infection count continues to decrease without a major crisis in support calls. (We've only received a couple from our own customers.)"

F-Secure pointed to weekend data, which showed that DNSChanger was still present on about 47,000 computers in the U.S., down from about 70,000 last week. That was followed by Italy with 21,500 and about 20,000 in India.

As noted by the BBC, South Korea was one of the first countries that would have been hit by the DNSChanger shutdown, but the country's Communications Commission chief said the "impact will be limited."

The problem dates back to November 2011, when the FBI seized about 100 servers that were infecting millions of computers with the DNSChanger Trojan. Infected machines had their Domain Name System (DNS) settings altered so websites would redirect to servers controlled by the criminals. The scammers reportedly earned millions in affiliate and referral fees by diverting users through those sites.

The FBI wanted to shut down the rogue servers, but if they did, infected computers would have lost access to the Internet immediately. So, the FBI got a court order to continue running the servers while people applied a patch. That court order was originally scheduled to expire on March 8, but was later extended to July 9. If infected machines were not fixed by this morning, their Internet connections went dark.

If you are infected with DNSChanger, PCMag's Fahmida Rashid suggested that the average computer user seek the help of a computer professional to help with cleanup. For those who want to pursue the fix on their own, however, the DNS Changer Working Group has some suggestions for how to troubleshoot.

Chloe Albanesius has been with PCMag.com since April 2007, most recently as Executive Editor for News and Features. Prior to that, she worked for a year covering financial IT on Wall Street for Incisive Media. From 2002 to 2005, Chloe covered technology policy for The National Journal's Technology Daily in Washington, DC. She has held internships at NBC's Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor's degree in journalism from American University...
More »